I actually don't know mine, but it's not because I use some fancy password manager. One time I got drunk and changed it to a string of random letters and numbers I don't know.
For what it's worth, same deal with my Facebook.
But hey! Can't hurt to make those reqs any bit more stringent, could it? Another barrier to entry for new users, why not? Hubski doesn't force log outs ever so no one existing would be impacted.